Hi Kenny
I'm back and I've followed your instructions (and many thanks for the extra clarification, it really helped
)
And I am just adding here that I do keep my AV updated - I check every single time I go online for updates - although I sometimes have to keep clicking update as it doesn't always want to respond when I first click it.
Here's my report of what I've been doing, first-off:I did the fixes as instructed on HJT - had to do it twice as it wouldn't do the smmcd.dll file first time out. First time I got an error message came up. Sorry but I didn't manage to copy any of the text.
I ran the killbox in safemode twice - once for each file as I couldn't see that it had got both files the first time. And each time I had the pending file rename operations box come up, and both times I had to reboot manually
I did the AVG stuff all in normal mode - hope that's not going to have caused a problem.
So, here's my latest HJT scan log:Logfile of HijackThis v1.99.1
Scan saved at 23:56:40, on 01/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\Geek.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone:
http://locator.cdn.imageservr.comO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1160597149880O17 - HKLM\System\CCS\Services\Tcpip\..\{2EDD4B14-54F4-4B80-8C79-92BB9796CA01}: NameServer = 80.189.94.2 80.189.92.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
And here's the AVGas one:---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:54:09 01/02/2007
+ Scan result:
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1202660629-492894223-854245398-1004\Software\DNS -> Adware.Shorty : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lvnrchuv.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\Program Files\MSN Gaming Zone\hodyv.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Windows Media Player\kygexavit.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\VundoFix Backups\ggcgodoe.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\iutgicow.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\ivodesbr.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\iwfmuxhj.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\ixqwfald.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\iybteqgr.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\nmuivdls.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\rrtmaolf.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\shvxfifj.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\sjnwyajj.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\uiiaeptp.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\wtquvabe.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\yayhkmdp.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\acjdfvcx.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\qepglljv.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\chhhawrm.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\Documents and Settings\Louise Shepherd\Cookies\louise_shepherd@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Louise Shepherd\Cookies\
[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Louise Shepherd\Cookies\
[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.34:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.18:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Co : Cleaned.
:mozilla.90:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.29:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.30:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.31:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.32:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.80:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.81:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.82:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.83:C:\Documents and Settings\Louise Shepherd\Application Data\Mozilla\Firefox\Profiles\tcxme86w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
::Report end
Edited by StripeyUnited, 01 February 2007 - 06:10 PM.